Merge pull request #131 from yono/improve_edit_user

Fix to not reuse spree_current_user as `@user`
solidusio · Feb 1, 2019 · ddded44 · ddded44
2 parents c0b5d1c + 6aacccc
commit ddded44
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 8 deletions.
diff --git a/lib/controllers/frontend/spree/users_controller.rb b/lib/controllers/frontend/spree/users_controller.rb
@@ -25,6 +25,8 @@ def create
 
   def update
     if @user.update_attributes(user_params)
+      spree_current_user.reload
+
       if params[:user][:password].present?
         # this logic needed b/c devise wants to log us out after password changes
         unless Spree::Auth::Config[:signout_after_password_change]
@@ -43,7 +45,7 @@ def user_params
     end
 
     def load_object
-      @user ||= spree_current_user
+      @user ||= Spree::User.find_by(id: spree_current_user&.id)
       authorize! params[:action].to_sym, @user
     end
 

diff --git a/spec/controllers/spree/users_controller_spec.rb b/spec/controllers/spree/users_controller_spec.rb
@@ -4,11 +4,8 @@
   let(:user) { create(:user) }
   let(:role) { create(:role) }
 
-  before { allow(controller).to receive(:spree_current_user) { user } }
-
   context '#load_object' do
     it 'redirects to signup path if user is not found' do
-      allow(controller).to receive(:spree_current_user) { nil }
       put :update, params: { user: { email: '[email protected]' } }
       expect(response).to redirect_to spree.login_path
     end
@@ -22,11 +19,32 @@
   end
 
   context '#update' do
+    before { sign_in(user) }
+
     context 'when updating own account' do
-      it 'performs update' do
-        put :update, params: { user: { email: '[email protected]' } }
-        expect(assigns[:user].email).to eq '[email protected]'
-        expect(response).to redirect_to spree.account_url(only_path: true)
+
+      context 'when user updated successfuly' do
+        before { put :update, params: { user: { email: '[email protected]' } } }
+
+        it 'saves user' do
+          expect(assigns[:user].email).to eq '[email protected]'
+        end
+
+        it 'updates spree_current_user' do
+          expect(subject.spree_current_user.email).to eq '[email protected]'
+        end
+
+        it 'redirects to account url' do
+          expect(response).to redirect_to spree.account_url(only_path: true)
+        end
+      end
+
+      context 'when user not valid' do
+        before { put :update, params: { user: { email: '' } } }
+
+        it 'does not affect spree_current_user' do
+          expect(subject.spree_current_user.email).to eq user.email
+        end
       end
     end